Don't undo progress, California legislator asks
- By William Jackson
- Feb 06, 2007
SAN FRANCISCO ' The author of California's data breach notification law today advised Congress to be careful in passing a nationwide law to protect consumers from the loss of sensitive information.
'The California standard has become a de facto national standard' in the handling of personal data and data breaches, said state Sen. Joe Simitian. Although he supported a national law, he warned that it should not weaken requirements already in place in most states. 'Let's not sacrifice it on the altar of federal regulation.'
Simitian was recognized with an award for excellence in the field of public policy Tuesday at this week's RSA IT security conference. He wrote the bill passed four years ago that raised the profile of the problem of the loss of personal information being held by many organizations.
The law was based on the principle that 'what you don't know can hurt you,' Simitian said.
He credited it not only with helping consumers, but with spurring improved security practices. Since the law's passage, more than 30 states have passed similar laws, and breaches of data on more than 100 million individuals have been publicly reported.
At least six data breach bills were introduced in the last Congress, although none made it out of committee. Similar bills are expected to be reintroduced in the current congress. Industry would like to have a single national law rather than deal with a patchwork of state requirements.
Simitian warned an audience of 4,000 security professionals that a weak national law that overrides stronger state laws would not serve the country well.
William Jackson is a Maryland-based freelance writer.